We came across an issue recently where every user that had their IE set to automatically detect settings could not access the internet. Their IE settings were push out via WPAD that was pushed out via DHCP.
We had published WPAD via our TMG and configured the DHCP scope accordingly. However when any user tried to access the internet the connection failed. But if the users pointed their proxy manually to the TMG the internet worked fine.
To troubleshoot this we did logging on the TMG and we noticed that the destination of all Wpad requests from the client were going to the RAS adapter on the TMG instead of the internal adapter.
To resolve this we ran the following VBScript on TMG. “referenced from http://blogs.technet.com/b/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx”
Const fpcCarpNameSystem_DNS = 0
Const fpcCarpNameSystem_WINS = 1
Const fpcCarpNameSystem_IP = 2
Dim oISA: Set oISA = CreateObject( “FPC.Root” )
Dim oArray: Set oArray = oISA.GetContainingArray
Dim oWebProxy: Set oWebProxy = oArray.ArrayPolicy.WebProxy
If fpcCarpNameSystem_DNS = oWebProxy.CarpNameSystem Then
WScript.Echo “ISA is already configured to provide DNS names in the WPAD script”
oWebProxy.CarpNameSystem = fpcCarpNameSystem_DNS
WScript.Echo “ISA was configured to provide DNS names in the WPAD script…”
After the script was run auto-detect worked for all clients and WPAD requests went through the correct network adapter on TMG.